Microsoft gearing up for SSL cert update to Windows Phone?

While far from exciting, as it won't bring any new features, Microsoft is rumored to be working on an update to fix fraudulent SSL certificates in a hacking attempt that took aim at many web browser. Microsoft just published a security advisory on the issue to address the bogus SSL certs. As Bruce Cowper, manager of the Microsoft Trustworthy group states:

This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com...These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users. We are unaware of any active attacks.

Microsoft has since patched Internet Explorer against the attack is reportedly mulling over an update, even possibly an over-the-air (OTA) one for Windows Phone, though nothing is certain at this point. No time line was given either. It will be interesting to see if Microsoft utilizes the OTA update capability for Windows Phone, a feature which was originally thought to be used for adding copy/paste but has since taken a back seat due to reliability concerns.

Edit: For those curious about SSL certs and how they work, see VeriSign

Microsoft gearing up for SSL cert update to Windows Phone?

Bottom line though, is all this talk about updates to the WP7 device is moot as there are NO updates which are actually occuring at all. Oh, but there are plenty of NEW phones w/ the updated OS!Can you say Windows Mobile??

Just update our phones via the Zune software and bypass the carriers altogether like Apple has done since Day 1. That way, Microsoft has control of the update process and isn't held hostage by uncaring carriers like AT&T who can't seem to get updates out of "Testing" status.